Spirent Services

Blog

A new class of attacks—kinetic attacks—was recently demonstrated at RSA 2014. This self-described "frying the machine" is part of a family of attacks aimed at causing physical damage to the system. This kind of attack targets a worm which rewrites the APC controller, setting the CPU performance to full power, and turns off the system fans causing the computer to literally catch on fire! Previous kinetic attacks such as 'Stuxnet' targeted nuclear power plants.

It's one thing to have your reputation compromised by a cyber attack, but it's literally life-threatening to be the target of a kinetic attack. Kinetic attacks target the interface between computing and physical systems. Think about an attack on a power grid or water system. Can you imagine all the transformers on the US East coast simultaneously catching fire, or gallons of untreated water being dumped into fresh water systems? Simply put—this class of attack causes harm to property, infrastructure and life itself.

So how do you defend against kinetic attacks? Fundamentally, it comes down to proper cyber warfare testing techniques. More specifically, it means using solutions that allow you to reproduce this class of attack and 'elasticize' the variables of the attack to test “what if” scenarios.

Once you realize that any attack is a scenario comprised of test ports, emulated hosts, events over time, assertions and valid traffic; it takes a bit of the fear away and helps put appropriate prevention in perspective. The Spirent Avalanche attack generation engine uniquely addresses the challenges of kinetic attacks. Basically, it can create a timeline of events emulating the stages of layer penetration and infection, while at the same time measuring stage-by-stage events. All of this can then be tested in the presence of valid workflows. That sounds a little less frightening, doesn't it?

Spirent's solution can coordinate a multisource staged knockdown attack on the PC, and then connect and push a worm to the APC controller (emulated of course!). Because we emulate the attacked system and the attacking elements, we can replay the scenario across a firewall, IPS/IDS, etc.

Alternately, we can also emulate 'one-arm' attacks, which only target a live host. In both cases, we can emulate millions of concurrent attack scenarios in parallel.